New 'Virtual Patch' Targets Java, .NET Vulnerabilities -- ADTmag

New 'Virtual Patch' Targets Java, .NET Vulnerabilities

By Wendy A. Hernandez
February 7, 2018

Waratek announced a new security tool for Java and .NET applications that uses virtualization to quickly apply patches for long-term and newly discovered vulnerabilities.

The company positioned its new Waratek Patch as an alternative to the traditional "physical" patching process that enterprises follow after critical fixes are issued by Oracle and Microsoft -- a process the company described as "a significant part of the burden teams face."

Waratek said the virtualized patch lets enterprise developers and admins more quickly address flaws unveiled in Microsoft's "Patch Tuesday" process and Oracle's quarterly Critical Patch Updates (CPU), in addition to protecting against old vulnerabilities that organizations may not have gotten around to fixing yet.

Described as a "lightweight runtime plug-in agent," the company claims the tool can enable admins to secure Java- and .NET-based apps without changing any code or having to take an application out of production. Its current library includes released patches for Java 7 and Java 8 (going back about four years), with a plan for later Java versions being added this year.

In addition to applying routine updates from Microsoft, Oracle, Apache and other software vendors, the tool can help dev and security teams create and apply custom patches based on static and dynamic application security scanning tool reports, Waratek said in a news release this week.

"This gives dev teams the opportunity to better prioritize tasks without running the risk of being breached while waiting to apply a physical patch," noted Waratek Founder and Chief Technology Officer John Matthew Holt. "Waratek Patch allows security teams to improve compliance with company, industry and government regulations while reducing costs and labor-intensive activities associated with applying physical patches."

With Waratek Patch, the company claims organizations can:

Instantly patch applications with no code changes or downtime required
Create and apply custom virtual patches from scanning tool reports
Apply Java & .NET current critical patch updates as virtual patches
Improve compliance with company, industry and government regulations by adding a library of virtual CPU patches to add updates that may not have been applied in the past

According to the release, any vulnerability that's been patched with the plug-in cannot be exploited and the company guarantees that, once installed, the virtual patch will not break an app.

To learn more about the entire Runtime Application Security Platform, visit the company's Web site.

About the Author

Wendy Hernandez is group managing editor for the 1105 Enterprise Computing Group.

Featured

AppTrends

Email Address*Country*

Please type the letters/numbers you see above.

Upcoming Training Events

0 AM

Visual Studio Live! Chicago
April 29-May 3, 2024

VSLive! 2-Day Training Seminar: Building Cloud-Ready, Resilient Systems in .NET
June 4-5, 2024

VSLive! 4-Day Hands-On Training Seminar: Full Stack Hands-On Development with .NET (Core)
July 16-19, 2024

Visual Studio Live! Microsoft HQ
August 5-9, 2024

Live! 360 2-Day Hands-On Seminar: Swimming in the Lakes of Microsoft Fabric and AI - A Hands-on Experience
August 20-21, 2024

VSLive! 4-Day Hands-On Training Seminar: Hands-on with Blazor
September 17-20, 2024

VSLive! 2-Day Hands-On Training Seminar: Developing Secure ASP.NET Web Apps
September 24-25, 2024

Live! 360 Orlando
November 17-22, 2024

VSLive! 4-Day Hands-On Training Seminar: Full Stack Hands-On Development with .NET (Core)
December 10-13, 2024

Free White Papers

More Tech Library